Open MySQL security holes

Oracle's forthcoming version 5.1.47 of MySQL is said to contain several important security patches. The changelog states that the developers have closed three security holes which allow attackers to cause a server crash, obtain unauthorised database access or, in the worst case, inject arbitrary code and execute it on the server. The developers didn't mention which exact versions are affected.

According to the changelog, the first flaw is caused by the table name argument of the COM_FIELD_LIST command not being sufficiently checked, which, for MySQL version 5.1 and above, allows attackers with DELETE or SELECT privileges for one table to gain unauthorised read and write access to other tables. A second flaw allows overly long table names to cause a buffer overflow which "could be exploited by an authenticated user to inject malicious code". The third flaw can be triggered by sending the server network packets that exceed the maximum packet size, which results in a server crash.
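The second and third flaws both come down to a length that is trusted before it is checked. The following added example (not MySQL's code and not taken from the changelog) parses a COM_FIELD_LIST packet and rejects an oversized declared payload and an overly long table name before anything is copied; the 64-byte name limit, the `max_packet` parameter and the result names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COM_FIELD_LIST 0x04   /* command byte in the MySQL wire protocol */
#define MAX_TABLE_NAME 64     /* assumed name limit in bytes for this sketch */

enum result { PARSE_OK, ERR_TRUNCATED, ERR_TOO_LARGE, ERR_NOT_FIELD_LIST,
              ERR_NAME_UNTERMINATED, ERR_NAME_TOO_LONG };

/* Constructed samples: a request for table "t1"; a header declaring 0xffffff bytes. */
static const uint8_t sample_ok[]  = { 0x04, 0, 0, 0, 0x04, 't', '1', 0 };
static const uint8_t sample_big[] = { 0xff, 0xff, 0xff, 0, 0x04 };

/* Packet = 3-byte little-endian payload length, 1-byte sequence id, payload.
   max_packet is the configured limit (hypothetical parameter). */
enum result parse_field_list(const uint8_t *buf, size_t buf_len,
                             size_t max_packet, char out[MAX_TABLE_NAME + 1])
{
    if (buf_len < 4)
        return ERR_TRUNCATED;
    size_t payload_len = buf[0] | ((size_t)buf[1] << 8) | ((size_t)buf[2] << 16);
    if (payload_len > max_packet)          /* reject before reading or allocating */
        return ERR_TOO_LARGE;
    if (payload_len == 0 || payload_len > buf_len - 4)
        return ERR_TRUNCATED;
    if (buf[4] != COM_FIELD_LIST)
        return ERR_NOT_FIELD_LIST;

    /* The table name must end with a NUL inside the declared payload. */
    const uint8_t *name = buf + 5;
    const uint8_t *nul = memchr(name, 0, payload_len - 1);
    if (nul == NULL)
        return ERR_NAME_UNTERMINATED;
    size_t name_len = (size_t)(nul - name);
    if (name_len > MAX_TABLE_NAME)         /* check length before the copy */
        return ERR_NAME_TOO_LONG;
    memcpy(out, name, name_len);
    out[name_len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    char name[MAX_TABLE_NAME + 1];
    printf("ok=%d ", parse_field_list(sample_ok, sizeof sample_ok, 1u << 20, name));
    printf("big=%d\n", parse_field_list(sample_big, sizeof sample_big, 1u << 20, name));
    return 0;
}
```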

While the flaws are already listed in the MySQL bug tracker, unlike the changelog the bug tracker entries are not publicly available. It was, therefore, a rather clumsy decision to provide the general public with such detailed information about the security holes; while the added attention makes it more likely that the holes will be exploited, the hands of admins are tied because they have no fixed version to switch to.